aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorMario <mario@mariovavti.com>2021-02-09 13:50:03 +0000
committerMario <mario@mariovavti.com>2021-02-09 13:50:03 +0000
commitb4693870ba647455e6bd0a3919a544130cee118b (patch)
tree97fe6de09c5ce3b5e6ed247c6a6105008631e79a /include
parent5aee2f172ecdf58e13dd328c787fd199c48d24c5 (diff)
downloadvolse-hubzilla-b4693870ba647455e6bd0a3919a544130cee118b.tar.gz
volse-hubzilla-b4693870ba647455e6bd0a3919a544130cee118b.tar.bz2
volse-hubzilla-b4693870ba647455e6bd0a3919a544130cee118b.zip
port Lib/Crypto from zap
Diffstat (limited to 'include')
-rw-r--r--include/account.php36
-rw-r--r--include/channel.php17
-rw-r--r--include/crypto.php7
-rw-r--r--include/dir_fns.php3
-rw-r--r--include/follow.php18
-rw-r--r--include/items.php7
-rw-r--r--include/text.php11
-rw-r--r--include/xchan.php13
-rw-r--r--include/zot.php111
9 files changed, 121 insertions, 102 deletions
diff --git a/include/account.php b/include/account.php
index bea84cea7..34936c33f 100644
--- a/include/account.php
+++ b/include/account.php
@@ -4,6 +4,8 @@
* @brief Somme account related functions.
*/
+use Zotlabs\Lib\Crypto;
+
require_once('include/config.php');
require_once('include/network.php');
require_once('include/plugin.php');
@@ -26,8 +28,8 @@ function check_account_email($email) {
$email = punify($email);
$result = array('error' => false, 'message' => '');
- // Caution: empty email isn't counted as an error in this function.
- // Check for empty value separately.
+ // Caution: empty email isn't counted as an error in this function.
+ // Check for empty value separately.
if(! strlen($email))
return $result;
@@ -36,7 +38,7 @@ function check_account_email($email) {
$result['message'] .= t('Not a valid email address') . EOL;
elseif(! allowed_email($email))
$result['message'] = t('Your email domain is not among those allowed on this site');
- else {
+ else {
$r = q("select account_email from account where account_email = '%s' limit 1",
dbesc($email)
);
@@ -175,7 +177,7 @@ function create_account($arr) {
// Ensure that there is a host keypair.
if ((! get_config('system', 'pubkey')) && (! get_config('system', 'prvkey'))) {
- $hostkey = new_keypair(4096);
+ $hostkey = Crypto::new_keypair(4096);
set_config('system', 'pubkey', $hostkey['pubkey']);
set_config('system', 'prvkey', $hostkey['prvkey']);
}
@@ -306,8 +308,8 @@ function verify_email_address($arr) {
);
$res = z_mail(
- [
- 'toEmail' => $arr['email'],
+ [
+ 'toEmail' => $arr['email'],
'messageSubject' => sprintf( t('Registration confirmation for %s'), get_config('system','sitename')),
'textVersion' => $email_msg,
]
@@ -375,8 +377,8 @@ function send_reg_approval_email($arr) {
));
$res = z_mail(
- [
- 'toEmail' => $admin['email'],
+ [
+ 'toEmail' => $admin['email'],
'messageSubject' => sprintf( t('Registration request at %s'), get_config('system','sitename')),
'textVersion' => $email_msg,
]
@@ -403,7 +405,7 @@ function send_register_success_email($email,$password) {
));
$res = z_mail(
- [
+ [
'toEmail' => $email,
'messageSubject' => sprintf( t('Registration details for %s'), get_config('system','sitename')),
'textVersion' => $email_msg,
@@ -446,7 +448,7 @@ function account_allow($hash) {
intval(ACCOUNT_BLOCKED),
intval($register[0]['uid'])
);
-
+
q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d",
intval(ACCOUNT_PENDING),
intval(ACCOUNT_PENDING),
@@ -466,7 +468,7 @@ function account_allow($hash) {
));
$res = z_mail(
- [
+ [
'toEmail' => $account[0]['account_email'],
'messageSubject' => sprintf( t('Registration details for %s'), get_config('system','sitename')),
'textVersion' => $email_msg,
@@ -556,13 +558,13 @@ function account_approve($hash) {
intval(ACCOUNT_BLOCKED),
intval($register[0]['uid'])
);
-
+
q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d",
intval(ACCOUNT_PENDING),
intval(ACCOUNT_PENDING),
intval($register[0]['uid'])
);
-
+
q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d",
intval(ACCOUNT_UNVERIFIED),
intval(ACCOUNT_UNVERIFIED),
@@ -583,7 +585,7 @@ function account_approve($hash) {
else {
$_SESSION['login_return_url'] = 'new_channel';
authenticate_success($account[0],null,true,true,false,true);
- }
+ }
return true;
}
@@ -592,14 +594,14 @@ function account_approve($hash) {
/**
* @brief Checks for accounts that have past their expiration date.
*
- * If the account has a service class which is not the site default,
+ * If the account has a service class which is not the site default,
* the service class is reset to the site default and expiration reset to never.
* If the account has no service class it is expired and subsequently disabled.
* called from include/poller.php as a scheduled task.
*
* Reclaiming resources which are no longer within the service class limits is
- * not the job of this function, but this can be implemented by plugin if desired.
- * Default behaviour is to stop allowing additional resources to be consumed.
+ * not the job of this function, but this can be implemented by plugin if desired.
+ * Default behaviour is to stop allowing additional resources to be consumed.
*/
function downgrade_accounts() {
diff --git a/include/channel.php b/include/channel.php
index 2d79cd074..08b5ee889 100644
--- a/include/channel.php
+++ b/include/channel.php
@@ -9,6 +9,7 @@ use Zotlabs\Access\PermissionRoles;
use Zotlabs\Access\PermissionLimits;
use Zotlabs\Access\Permissions;
use Zotlabs\Daemon\Master;
+use Zotlabs\Lib\Crypto;
use Zotlabs\Lib\System;
use Zotlabs\Render\Comanche;
use Zotlabs\Lib\Libzot;
@@ -107,7 +108,7 @@ function create_sys_channel() {
if ((! get_config('system', 'pubkey')) && (! get_config('system', 'prvkey'))) {
require_once('include/crypto.php');
- $hostkey = new_keypair(4096);
+ $hostkey = Crypto::new_keypair(4096);
set_config('system', 'pubkey', $hostkey['pubkey']);
set_config('system', 'prvkey', $hostkey['prvkey']);
}
@@ -232,10 +233,10 @@ function create_identity($arr) {
}
$guid = Libzot::new_uid($nick);
- $key = new_keypair(4096);
+ $key = Crypto::new_keypair(4096);
// legacy zot
- $zsig = base64url_encode(rsa_sign($guid,$key['prvkey']));
+ $zsig = base64url_encode(Crypto::sign($guid,$key['prvkey']));
$zhash = make_xchan_hash($guid,$zsig);
// zot6
@@ -345,7 +346,7 @@ function create_identity($arr) {
'hubloc_addr' => channel_reddress($ret['channel']),
'hubloc_primary' => intval($primary),
'hubloc_url' => z_root(),
- 'hubloc_url_sig' => base64url_encode(rsa_sign(z_root(),$ret['channel']['channel_prvkey'])),
+ 'hubloc_url_sig' => base64url_encode(Crypto::sign(z_root(),$ret['channel']['channel_prvkey'])),
'hubloc_host' => App::get_hostname(),
'hubloc_callback' => z_root() . '/post',
'hubloc_sitekey' => get_config('system','pubkey'),
@@ -603,9 +604,9 @@ function change_channel_keys($channel) {
$stored = [];
- $key = new_keypair(4096);
+ $key = Crypto::new_keypair(4096);
- $sig = base64url_encode(rsa_sign($channel['channel_guid'],$key['prvkey']));
+ $sig = base64url_encode(Crypto::sign($channel['channel_guid'],$key['prvkey']));
$hash = make_xchan_hash($channel['channel_guid'],$sig);
$stored['old_guid'] = $channel['channel_guid'];
@@ -614,7 +615,7 @@ function change_channel_keys($channel) {
$stored['old_hash'] = $channel['channel_hash'];
$stored['new_key'] = $key['pubkey'];
- $stored['new_sig'] = base64url_encode(rsa_sign($key['pubkey'],$channel['channel_prvkey']));
+ $stored['new_sig'] = base64url_encode(Crypto::sign($key['pubkey'],$channel['channel_prvkey']));
// Save this info for the notifier to collect
@@ -651,7 +652,7 @@ function change_channel_keys($channel) {
foreach($h as $hv) {
$hv['hubloc_guid_sig'] = $sig;
$hv['hubloc_hash'] = $hash;
- $hv['hubloc_url_sig'] = base64url_encode(rsa_sign(z_root(),$modified['channel_prvkey']));
+ $hv['hubloc_url_sig'] = base64url_encode(Crypto::sign(z_root(),$modified['channel_prvkey']));
hubloc_store_lowlevel($hv);
}
}
diff --git a/include/crypto.php b/include/crypto.php
index 84d639f3f..d91d3749c 100644
--- a/include/crypto.php
+++ b/include/crypto.php
@@ -1,5 +1,7 @@
<?php /** @file */
+use Zotlabs\Lib\Crypto;
+
require_once('library/ASNValue.class.php');
require_once('library/asn1.php');
@@ -192,7 +194,6 @@ function crypto_methods() {
function signing_methods() {
-
$r = [ 'sha256' ];
call_hooks('signing_methods',$r);
return $r;
@@ -461,12 +462,12 @@ function convert_salmon_key($key) {
function z_obscure($s) {
- return json_encode(crypto_encapsulate($s,get_config('system','pubkey')));
+ return json_encode(Crypto::encapsulate($s,get_config('system','pubkey')));
}
function z_unobscure($s) {
if(strpos($s,"{\"") !== 0)
return $s;
- return crypto_unencapsulate(json_decode($s,true),get_config('system','prvkey'));
+ return Crypto::unencapsulate(json_decode($s,true),get_config('system','prvkey'));
}
diff --git a/include/dir_fns.php b/include/dir_fns.php
index 88a1bb74f..8326415ed 100644
--- a/include/dir_fns.php
+++ b/include/dir_fns.php
@@ -3,6 +3,7 @@
* @file include/dir_fns.php
*/
+use Zotlabs\Lib\Crypto;
use Zotlabs\Lib\Libzot;
use Zotlabs\Lib\Webfinger;
use Zotlabs\Lib\Zotfinger;
@@ -280,7 +281,7 @@ function sync_directories($dirmode) {
logger('key unavailable on this site for ' . $rr['channel']);
continue;
}
- if (! rsa_verify($rr['target'] . '.' . $rr['rating'] . '.' . $rr['rating_text'], base64url_decode($rr['signature']),$y[0]['xchan_pubkey'])) {
+ if (! Crypto::verify($rr['target'] . '.' . $rr['rating'] . '.' . $rr['rating_text'], base64url_decode($rr['signature']),$y[0]['xchan_pubkey'])) {
logger('failed to verify rating');
continue;
}
diff --git a/include/follow.php b/include/follow.php
index a4d382545..64ae8f7f1 100644
--- a/include/follow.php
+++ b/include/follow.php
@@ -9,6 +9,8 @@
// $return['abook'] Address book entry joined with xchan if successful
// $return['message'] error text if success is false.
+use Zotlabs\Lib\Crypto;
+
require_once('include/zot.php');
function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) {
@@ -19,7 +21,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
$is_zot = false;
$protocol = '';
-
+
if(substr($url,0,1) === '[') {
$x = strpos($url,']');
if($x) {
@@ -62,7 +64,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
call_hooks('follow_init', $arr);
- if($arr['channel']['success'])
+ if($arr['channel']['success'])
$ret = $arr['channel'];
elseif((! $is_http) && ((! $protocol) || (strtolower($protocol) === 'zot')))
$ret = Zotlabs\Zot\Finger::run($url,$channel);
@@ -98,11 +100,11 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
return $result;
}
}
-
-
+
+
// do we have an xchan and hubloc?
- // If not, create them.
+ // If not, create them.
$x = import_xchan($j);
@@ -111,13 +113,13 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
return $result;
}
- if(! $x['success'])
+ if(! $x['success'])
return $x;
$xchan_hash = $x['hash'];
if( array_key_exists('permissions',$j) && array_key_exists('data',$j['permissions'])) {
- $permissions = crypto_unencapsulate(array(
+ $permissions = Crypto::unencapsulate(array(
'data' => $j['permissions']['data'],
'alg' => $j['permissions']['alg'],
'key' => $j['permissions']['key'],
@@ -140,7 +142,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
$xchan_hash = '';
$sql_options = (($protocol) ? " and xchan_network = '" . dbesc($protocol) . "' " : '');
-
+
$r = q("select * from xchan where (xchan_addr = '%s' or xchan_url = '%s') $sql_options ",
dbesc($url),
diff --git a/include/items.php b/include/items.php
index 83108455f..223fba147 100644
--- a/include/items.php
+++ b/include/items.php
@@ -4,6 +4,7 @@
* @brief Items related functions.
*/
+use Zotlabs\Lib\Crypto;
use Zotlabs\Lib\Enotify;
use Zotlabs\Lib\MarkdownSoap;
use Zotlabs\Lib\MessageFilter;
@@ -1652,7 +1653,7 @@ function item_sign(&$item) {
if(! $r)
return;
- $item['sig'] = base64url_encode(rsa_sign($item['body'], $r[0]['channel_prvkey']));
+ $item['sig'] = base64url_encode(Crypto::sign($item['body'], $r[0]['channel_prvkey']));
$item['item_verified'] = 1;
}
@@ -2971,7 +2972,7 @@ function item_community_tag($channel,$item) {
$pitem = $items[0];
$auth = get_iconfig($item,'system','communitytagauth');
if($auth) {
- if(rsa_verify('tagauth.' . $item['mid'],base64url_decode($auth),$pitem['owner']['xchan_pubkey']) || rsa_verify('tagauth.' . $item['mid'],base64url_decode($auth),$pitem['author']['xchan_pubkey'])) {
+ if(Crypto::verify('tagauth.' . $item['mid'],base64url_decode($auth),$pitem['owner']['xchan_pubkey']) || Crypto::verify('tagauth.' . $item['mid'],base64url_decode($auth),$pitem['author']['xchan_pubkey'])) {
logger('tag_deliver: tagging the post: ' . $channel['channel_name']);
$tag_the_post = true;
}
@@ -2980,7 +2981,7 @@ function item_community_tag($channel,$item) {
if(($pitem['owner_xchan'] === $channel['channel_hash']) && (! intval(get_pconfig($channel['channel_id'],'system','blocktags')))) {
logger('tag_deliver: community tag recipient: ' . $channel['channel_name']);
$tag_the_post = true;
- $sig = rsa_sign('tagauth.' . $item['mid'],$channel['channel_prvkey']);
+ $sig = Crypto::sign('tagauth.' . $item['mid'],$channel['channel_prvkey']);
logger('tag_deliver: setting iconfig for ' . $item['id']);
set_iconfig($item['id'],'system','communitytagauth',base64url_encode($sig),1);
}
diff --git a/include/text.php b/include/text.php
index 1e08d136c..b7cc0ba20 100644
--- a/include/text.php
+++ b/include/text.php
@@ -9,6 +9,7 @@ use Michelf\MarkdownExtra;
use Ramsey\Uuid\Uuid;
use Ramsey\Uuid\Exception\UnableToBuildUuidException;
+use Zotlabs\Lib\Crypto;
use Zotlabs\Lib\SvgSanitizer;
require_once("include/bbcode.php");
@@ -3248,7 +3249,7 @@ function item_url_replace($channel,&$item,$old,$new,$oldnick = '') {
$item['body'] = preg_replace("/(\[zrl=".preg_quote($old,'/')."\/(photo|photos|gallery)\/".$channel['channel_address'].".+\]\[zmg=\d+x\d+\])".preg_quote($old,'/')."\/(.+\[\/zmg\])/", '${1}'.$new.'/${3}', $item['body']);
$item['body'] = preg_replace("/".preg_quote($old,'/')."\/(search|\w+\/".$channel['channel_address'].")/", $new.'/${1}', $item['body']);
- $item['sig'] = base64url_encode(rsa_sign($item['body'],$channel['channel_prvkey']));
+ $item['sig'] = base64url_encode(Crypto::sign($item['body'],$channel['channel_prvkey']));
$item['item_verified'] = 1;
$item['plink'] = str_replace($old,$new,$item['plink']);
@@ -3881,6 +3882,14 @@ function unserialise($x) {
return ((is_array($y)) ? $y : $x);
}
+function obscurify($s) {
+ return str_rot47(base64url_encode($s));
+}
+
+function unobscurify($s) {
+ return base64url_decode(str_rot47($s));
+}
+
/**
* @brief Remove new lines and tabs from strings.
*
diff --git a/include/xchan.php b/include/xchan.php
index 5de828e7f..07fdb8b47 100644
--- a/include/xchan.php
+++ b/include/xchan.php
@@ -1,5 +1,6 @@
<?php
+use Zotlabs\Lib\Crypto;
use Zotlabs\Web\HTTPSig;
use Zotlabs\Lib\Libzot;
@@ -85,7 +86,7 @@ function xchan_store($arr) {
}
if($arr['network'] === 'zot') {
- if((! $arr['key']) || (! rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$arr['key']))) {
+ if((! $arr['key']) || (! Crypto::verify($arr['guid'],base64url_decode($arr['guid_sig']),$arr['key']))) {
logger('Unable to verify signature for ' . $arr['hash']);
return false;
}
@@ -102,7 +103,7 @@ function xchan_store($arr) {
if($k === 'photo') {
continue;
}
-
+
if(in_array($columns,'xchan_' . $k))
$x['xchan_' . $k] = escape_tags($v);
}
@@ -112,7 +113,7 @@ function xchan_store($arr) {
$x['xchan_system'] = false;
$result = xchan_store_lowlevel($x);
-
+
if(! $result)
return $result;
}
@@ -207,9 +208,9 @@ function xchan_keychange_acl($table,$column,$oldxchan,$newxchan) {
if($r) {
foreach($r as $rv) {
$z = q("update $table set $allow = '%s', $deny = '%s' where $column = %d",
- dbesc(str_replace('<' . $oldxchan['xchan_hash'] . '>', '<' . $newxchan['xchan_hash'] . '>',
+ dbesc(str_replace('<' . $oldxchan['xchan_hash'] . '>', '<' . $newxchan['xchan_hash'] . '>',
$rv[$allow])),
- dbesc(str_replace('<' . $oldxchan['xchan_hash'] . '>', '<' . $newxchan['xchan_hash'] . '>',
+ dbesc(str_replace('<' . $oldxchan['xchan_hash'] . '>', '<' . $newxchan['xchan_hash'] . '>',
$rv[$deny])),
intval($rv[$column])
);
@@ -243,7 +244,7 @@ function xchan_change_key($oldx,$newx,$data) {
'xprof' => 'xprof_hash',
'xtag' => 'xtag_hash'
];
-
+
$acls = [
'channel' => 'channel_id',
diff --git a/include/zot.php b/include/zot.php
index d61873ba2..f96792656 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -8,6 +8,7 @@
*
*/
+use Zotlabs\Lib\Crypto;
use Zotlabs\Lib\DReport;
use Zotlabs\Lib\Libzot;
use Zotlabs\Lib\Activity;
@@ -123,15 +124,15 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot
'type' => $type,
'sender' => [
'guid' => $channel['channel_guid'],
- 'guid_sig' => base64url_encode(rsa_sign($channel['channel_guid'],$channel['channel_prvkey'],$sig_method)),
+ 'guid_sig' => base64url_encode(Crypto::sign($channel['channel_guid'],$channel['channel_prvkey'],$sig_method)),
'url' => z_root(),
- 'url_sig' => base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'],$sig_method)),
+ 'url_sig' => base64url_encode(Crypto::sign(z_root(),$channel['channel_prvkey'],$sig_method)),
'sitekey' => get_config('system','pubkey')
],
'callback' => '/post',
'version' => Zotlabs\Lib\System::get_zot_revision(),
- 'encryption' => crypto_methods(),
- 'signing' => signing_methods()
+ 'encryption' => Crypto::methods(),
+ 'signing' => Crypto::signing_methods()
];
if ($recipients) {
@@ -143,7 +144,7 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot
if ($secret) {
$data['secret'] = preg_replace('/[^0-9a-fA-F]/','',$secret);
- $data['secret_sig'] = base64url_encode(rsa_sign($secret,$channel['channel_prvkey'],$sig_method));
+ $data['secret_sig'] = base64url_encode(Crypto::sign($secret,$channel['channel_prvkey'],$sig_method));
}
if ($extra) {
@@ -157,7 +158,7 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot
if($remote_key) {
$algorithm = zot_best_algorithm($methods);
- $data = crypto_encapsulate(json_encode($data),$remote_key, $algorithm);
+ $data = Crypto::encapsulate(json_encode($data),$remote_key, $algorithm);
}
return json_encode($data);
@@ -197,15 +198,15 @@ function zot6_build_packet($channel, $type = 'notify', $recipients = null, $msg
'type' => $type,
'sender' => [
'guid' => $channel['channel_guid'],
- 'guid_sig' => base64url_encode(rsa_sign($channel['channel_guid'],$channel['channel_prvkey'],$sig_method)),
+ 'guid_sig' => base64url_encode(Crypto::sign($channel['channel_guid'],$channel['channel_prvkey'],$sig_method)),
'url' => z_root(),
- 'url_sig' => base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'],$sig_method)),
+ 'url_sig' => base64url_encode(Crypto::sign(z_root(),$channel['channel_prvkey'],$sig_method)),
'sitekey' => get_config('system','pubkey')
],
'callback' => '/post',
'version' => Zotlabs\Lib\System::get_zot_revision(),
- 'encryption' => crypto_methods(),
- 'signing' => signing_methods()
+ 'encryption' => Crypto::methods(),
+ 'signing' => Crypto::signing_methods()
];
if ($recipients) {
@@ -221,7 +222,7 @@ function zot6_build_packet($channel, $type = 'notify', $recipients = null, $msg
if ($secret) {
$data['secret'] = preg_replace('/[^0-9a-fA-F]/','',$secret);
- $data['secret_sig'] = base64url_encode(rsa_sign($secret,$channel['channel_prvkey'],$sig_method));
+ $data['secret_sig'] = base64url_encode(Crypto::sign($secret,$channel['channel_prvkey'],$sig_method));
}
if ($extra) {
@@ -235,7 +236,7 @@ function zot6_build_packet($channel, $type = 'notify', $recipients = null, $msg
if($remote_key) {
$algorithm = zot_best_algorithm($methods);
- $data = crypto_encapsulate(json_encode($data),$remote_key, $algorithm);
+ $data = Crypto::encapsulate(json_encode($data),$remote_key, $algorithm);
}
return json_encode($data);
@@ -249,7 +250,7 @@ function zot6_build_packet($channel, $type = 'notify', $recipients = null, $msg
*
* @param string $methods
* comma separated list of encryption methods
- * @return string first match from our site method preferences crypto_methods() array
+ * @return string first match from our site method preferences Crypto::methods() array
* of a method which is common to both sites; or 'aes256cbc' if no matches are found.
*/
function zot_best_algorithm($methods) {
@@ -272,7 +273,7 @@ function zot_best_algorithm($methods) {
if($methods) {
$x = explode(',', $methods);
if($x) {
- $y = crypto_methods();
+ $y = Crypto::methods();
if($y) {
foreach($y as $yv) {
$yv = trim($yv);
@@ -443,7 +444,7 @@ function zot_refresh($them, $channel = null, $force = false) {
$signed_token = ((is_array($j) && array_key_exists('signed_token',$j)) ? $j['signed_token'] : null);
if($signed_token) {
- $valid = rsa_verify('token.' . $token,base64url_decode($signed_token),$j['key']);
+ $valid = Crypto::verify('token.' . $token,base64url_decode($signed_token),$j['key']);
if(! $valid) {
logger('invalid signed token: ' . $url . $rhs, LOGGER_NORMAL, LOG_ERR);
return false;
@@ -461,7 +462,7 @@ function zot_refresh($them, $channel = null, $force = false) {
if($channel) {
if($j['permissions']['data']) {
- $permissions = crypto_unencapsulate(
+ $permissions = Crypto::unencapsulate(
[
'data' => $j['permissions']['data'],
'key' => $j['permissions']['key'],
@@ -719,8 +720,8 @@ function zot_register_hub($arr) {
*/
foreach($sig_methods as $method) {
- if((rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$record['key'],$method))
- && (rsa_verify($arr['url'],base64url_decode($arr['url_sig']),$record['key'],$method))
+ if((Crypto::verify($arr['guid'],base64url_decode($arr['guid_sig']),$record['key'],$method))
+ && (Crypto::verify($arr['url'],base64url_decode($arr['url_sig']),$record['key'],$method))
&& ($arr['guid'] === $record['guid'])
&& ($arr['guid_sig'] === $record['guid_sig'])) {
$c = import_xchan($record);
@@ -790,7 +791,7 @@ function import_xchan($arr, $ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) {
$verified = false;
foreach($sig_methods as $method) {
- if(! rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$arr['key'],$method)) {
+ if(! Crypto::verify($arr['guid'],base64url_decode($arr['guid_sig']),$arr['key'],$method)) {
logger('Unable to verify channel signature for ' . $arr['address'] . ' using ' . $method);
continue;
}
@@ -925,28 +926,28 @@ function import_xchan($arr, $ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) {
$local = q("select channel_account_id, channel_id from channel where channel_portable_id = '%s' limit 1",
dbesc($xchan_hash)
);
-
+
if($local) {
- // @FIXME This should be removed in future when profile photo update by file sync procedure will be applied
+ // @FIXME This should be removed in future when profile photo update by file sync procedure will be applied
// on most hubs in the network
// <---
$ph = z_fetch_url($arr['photo'], true);
-
+
if($ph['success']) {
-
+
// Do not fetch already received thumbnails
$x = q("SELECT resource_id FROM photo WHERE uid = %d AND imgscale = %d AND filesize = %d LIMIT 1",
intval($local[0]['channel_id']),
intval(PHOTO_RES_PROFILE_300),
strlen($ph['body'])
- );
+ );
if($x)
$hash = $x[0]['resource_id'];
else
$hash = import_channel_photo($ph['body'], $arr['photo_mimetype'], $local[0]['channel_account_id'], $local[0]['channel_id']);
}
-
+
if($hash) {
// unless proven otherwise
$is_default_profile = 1;
@@ -972,7 +973,7 @@ function import_xchan($arr, $ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) {
}
}
// --->
-
+
// reset the names in case they got messed up when we had a bug in this function
$photos = array(
z_root() . '/photo/profile/l/' . $local[0]['channel_id'],
@@ -1128,7 +1129,7 @@ function zot_process_response($hub, $arr, $outq) {
if(is_array($x) && array_key_exists('delivery_report',$x) && is_array($x['delivery_report'])) {
if(array_key_exists('iv',$x['delivery_report'])) {
- $j = crypto_unencapsulate($x['delivery_report'],get_config('system','prvkey'));
+ $j = Crypto::unencapsulate($x['delivery_report'],get_config('system','prvkey'));
if($j) {
$x['delivery_report'] = json_decode($j,true);
}
@@ -1253,14 +1254,14 @@ function zot_fetch($arr) {
$data = [
'type' => 'pickup',
'url' => z_root(),
- 'callback_sig' => base64url_encode(rsa_sign(z_root() . '/post', get_config('system','prvkey'))),
+ 'callback_sig' => base64url_encode(Crypto::sign(z_root() . '/post', get_config('system','prvkey'))),
'callback' => z_root() . '/post',
'secret' => $secret,
- 'secret_sig' => base64url_encode(rsa_sign($secret, get_config('system','prvkey')))
+ 'secret_sig' => base64url_encode(Crypto::sign($secret, get_config('system','prvkey')))
];
$algorithm = zot_best_algorithm($hub['site_crypto']);
- $datatosend = json_encode(crypto_encapsulate(json_encode($data),$hub['hubloc_sitekey'], $algorithm));
+ $datatosend = json_encode(Crypto::encapsulate(json_encode($data),$hub['hubloc_sitekey'], $algorithm));
$import = zot_zot($url,$datatosend);
@@ -1272,7 +1273,7 @@ function zot_fetch($arr) {
$result = zot_import($import, $arr['sender']['url']);
if($result) {
- $result = crypto_encapsulate(json_encode($result),$hub['hubloc_sitekey'], $algorithm);
+ $result = Crypto::encapsulate(json_encode($result),$hub['hubloc_sitekey'], $algorithm);
return $result;
}
@@ -1314,7 +1315,7 @@ function zot_import($arr, $sender_url) {
}
if(array_key_exists('iv', $data)) {
- $data = json_decode(crypto_unencapsulate($data,get_config('system','prvkey')),true);
+ $data = json_decode(Crypto::unencapsulate($data,get_config('system','prvkey')),true);
}
if(! is_array($data)) {
@@ -1342,7 +1343,7 @@ function zot_import($arr, $sender_url) {
$result = null;
if(array_key_exists('iv',$i['notify'])) {
- $i['notify'] = json_decode(crypto_unencapsulate($i['notify'],get_config('system','prvkey')),true);
+ $i['notify'] = json_decode(Crypto::unencapsulate($i['notify'],get_config('system','prvkey')),true);
}
logger('Notify: ' . print_r($i['notify'],true), LOGGER_DATA, LOG_DEBUG);
@@ -2466,7 +2467,7 @@ function process_rating_delivery($sender, $arr) {
dbesc($sender['hash'])
);
- if((! $z) || (! rsa_verify($arr['target'] . '.' . $arr['rating'] . '.' . $arr['rating_text'], base64url_decode($arr['signature']),$z[0]['xchan_pubkey']))) {
+ if((! $z) || (! Crypto::verify($arr['target'] . '.' . $arr['rating'] . '.' . $arr['rating_text'], base64url_decode($arr['signature']),$z[0]['xchan_pubkey']))) {
logger('failed to verify rating');
return;
}
@@ -2652,7 +2653,7 @@ function sync_locations($sender, $arr, $absolute = false) {
$arr['locations'][0]['primary'] = true;
foreach($arr['locations'] as $location) {
- if(! rsa_verify($location['url'],base64url_decode($location['url_sig']),$sender['key'])) {
+ if(! Crypto::verify($location['url'],base64url_decode($location['url_sig']),$sender['key'])) {
logger('Unable to verify site signature for ' . $location['url']);
$ret['message'] .= sprintf( t('Unable to verify site signature for %s'), $location['url']) . EOL;
continue;
@@ -3126,7 +3127,7 @@ function import_site($arr, $pubkey) {
if( (! is_array($arr)) || (! $arr['url']) || (! $arr['url_sig']))
return false;
- if(! rsa_verify($arr['url'], base64url_decode($arr['url_sig']), $pubkey)) {
+ if(! Crypto::verify($arr['url'], base64url_decode($arr['url_sig']), $pubkey)) {
logger('Bad url_sig');
return false;
}
@@ -3509,12 +3510,12 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) {
if($keychange) {
// verify the keychange operation
- if(! rsa_verify($arr['channel']['channel_pubkey'],base64url_decode($arr['keychange']['new_sig']),$channel['channel_prvkey'])) {
+ if(! Crypto::verify($arr['channel']['channel_pubkey'],base64url_decode($arr['keychange']['new_sig']),$channel['channel_prvkey'])) {
logger('sync keychange: verification failed');
continue;
}
- $sig = base64url_encode(rsa_sign($channel['channel_guid'],$arr['channel']['channel_prvkey']));
+ $sig = base64url_encode(Crypto::sign($channel['channel_guid'],$arr['channel']['channel_prvkey']));
$hash = make_xchan_hash($channel['channel_guid'],$sig);
@@ -3551,7 +3552,7 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) {
foreach($h as $hv) {
$hv['hubloc_guid_sig'] = $sig;
$hv['hubloc_hash'] = $hash;
- $hv['hubloc_url_sig'] = base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey']));
+ $hv['hubloc_url_sig'] = base64url_encode(Crypto::sign(z_root(),$channel['channel_prvkey']));
hubloc_store_lowlevel($hv);
}
}
@@ -4329,7 +4330,7 @@ function zot_rekey_request($sender,$data) {
$xchan = $r[0];
- if(! rsa_verify($data['new_key'],base64url_decode($data['new_sig']),$xchan['xchan_pubkey'])) {
+ if(! Crypto::verify($data['new_key'],base64url_decode($data['new_sig']),$xchan['xchan_pubkey'])) {
json_return_and_die($ret);
}
@@ -4367,7 +4368,7 @@ function zotinfo($arr) {
$feed = ((x($arr,'feed')) ? intval($arr['feed']) : 0);
if($ztarget) {
- if((! $zkey) || (! $zsig) || (! rsa_verify($ztarget,base64url_decode($zsig),$zkey))) {
+ if((! $zkey) || (! $zsig) || (! Crypto::verify($ztarget,base64url_decode($zsig),$zkey))) {
logger('zfinger: invalid target signature');
$ret['message'] = t("invalid target signature");
return($ret);
@@ -4531,7 +4532,7 @@ function zotinfo($arr) {
// Communication details
if($token)
- $ret['signed_token'] = base64url_encode(rsa_sign('token.' . $token,$e['channel_prvkey'],$sig_method));
+ $ret['signed_token'] = base64url_encode(Crypto::sign('token.' . $token,$e['channel_prvkey'],$sig_method));
$ret['guid'] = $e['xchan_guid'];
@@ -4587,7 +4588,7 @@ function zotinfo($arr) {
// because ztarget refers to an xchan and we don't necessarily know the origination
// location.
- $ret['permissions'] = (($ztarget && $zkey) ? crypto_encapsulate(json_encode($permissions),$zkey) : $permissions);
+ $ret['permissions'] = (($ztarget && $zkey) ? crypto_encapsulate(json_encode($permissions),$zkey,) : $permissions);
if($permissions['view_profile'])
$ret['profile'] = $profile;
@@ -4622,9 +4623,9 @@ function zot_site_info($channel_key = '') {
$ret['site'] = [];
$ret['site']['url'] = z_root();
if($channel_key) {
- $ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(),$channel_key,$sig_method));
+ $ret['site']['url_sig'] = base64url_encode(Crypto::sign(z_root(),$channel_key,$sig_method));
}
- $ret['site']['url_site_sig'] = base64url_encode(rsa_sign(z_root(),$signing_key,$sig_method));
+ $ret['site']['url_site_sig'] = base64url_encode(Crypto::sign(z_root(),$signing_key,$sig_method));
$ret['site']['post'] = z_root() . '/post';
$ret['site']['openWebAuth'] = z_root() . '/owa';
$ret['site']['authRedirect'] = z_root() . '/magic';
@@ -4644,8 +4645,8 @@ function zot_site_info($channel_key = '') {
$ret['site']['directory_url'] = z_root() . '/dirsearch';
- $ret['site']['encryption'] = crypto_methods();
- $ret['site']['signing'] = signing_methods();
+ $ret['site']['encryption'] = Crypto::methods();
+ $ret['site']['signing'] = Crypto::signing_methods();
$ret['site']['zot'] = Zotlabs\Lib\System::get_zot_revision();
// hide detailed site information if you're off the grid
@@ -4724,7 +4725,7 @@ function check_zotinfo($channel, $locations, &$ret) {
// the sys channel must have a location (hubloc)
$valid_location = false;
if((count($locations) === 1) && ($locations[0]['primary']) && (! $locations[0]['deleted'])) {
- if((rsa_verify($locations[0]['url'],base64url_decode($locations[0]['url_sig']),$channel['channel_pubkey']))
+ if((Crypto::verify($locations[0]['url'],base64url_decode($locations[0]['url_sig']),$channel['channel_pubkey']))
&& ($locations[0]['sitekey'] === get_config('system','pubkey'))
&& ($locations[0]['url'] === z_root()))
$valid_location = true;
@@ -4752,7 +4753,7 @@ function check_zotinfo($channel, $locations, &$ret) {
'hubloc_network' => 'zot',
'hubloc_primary' => 1,
'hubloc_url' => z_root(),
- 'hubloc_url_sig' => base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'])),
+ 'hubloc_url_sig' => base64url_encode(Crypto::sign(z_root(),$channel['channel_prvkey'])),
'hubloc_host' => App::get_hostname(),
'hubloc_callback' => z_root() . '/post',
'hubloc_sitekey' => get_config('system','pubkey'),
@@ -4931,7 +4932,7 @@ function zot_reply_ping() {
$ret['success'] = true;
$ret['site'] = array();
$ret['site']['url'] = z_root();
- $ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(),get_config('system','prvkey')));
+ $ret['site']['url_sig'] = base64url_encode(Crypto::sign(z_root(),get_config('system','prvkey')));
$ret['site']['sitekey'] = get_config('system','pubkey');
json_return_and_die($ret);
@@ -4979,10 +4980,10 @@ function zot_reply_pickup($data) {
logger('mod_zot: Checking sitekey: ' . $sitekey, LOGGER_DATA, LOG_DEBUG);
- if(rsa_verify($data['callback'],base64url_decode($data['callback_sig']),$sitekey)) {
+ if(Crypto::verify($data['callback'],base64url_decode($data['callback_sig']),$sitekey)) {
$forgery = false;
}
- if(rsa_verify($data['secret'],base64url_decode($data['secret_sig']),$sitekey)) {
+ if(Crypto::verify($data['secret'],base64url_decode($data['secret_sig']),$sitekey)) {
$secret_fail = false;
}
if((! $forgery) && (! $secret_fail))
@@ -5076,7 +5077,7 @@ function zot_reply_pickup($data) {
);
$algorithm = zot_best_algorithm(($x) ? $x[0]['site_crypto'] : '');
- $encrypted = crypto_encapsulate(json_encode($ret),$sitekey,$algorithm);
+ $encrypted = Crypto::encapsulate(json_encode($ret),$sitekey,$algorithm);
json_return_and_die($encrypted);
// @FIXME: There is a possibility that the transmission will get interrupted
@@ -5133,7 +5134,7 @@ function zot_reply_auth_check($data,$encrypted_packet) {
// First verify their signature. We will have obtained a zot-info packet from them as part of the sender
// verification.
- if ((! $y) || (! rsa_verify($data['secret'], base64url_decode($data['secret_sig']),$y[0]['xchan_pubkey']))) {
+ if ((! $y) || (! Crypto::verify($data['secret'], base64url_decode($data['secret_sig']),$y[0]['xchan_pubkey']))) {
logger('mod_zot: auth_check: sender not found or secret_sig invalid.');
$ret['message'] .= 'sender not found or sig invalid ' . print_r($y,true) . EOL;
@@ -5158,7 +5159,7 @@ function zot_reply_auth_check($data,$encrypted_packet) {
json_return_and_die($ret);
}
- $confirm = base64url_encode(rsa_sign($data['secret'] . $recip_hash,$c[0]['channel_prvkey']));
+ $confirm = base64url_encode(Crypto::sign($data['secret'] . $recip_hash,$c[0]['channel_prvkey']));
// This additionally checks for forged sites since we already stored the expected result in meta
// and we've already verified that this is them via zot_gethub() and that their key signed our token